Dataset statistics
| Number of variables | 16 |
|---|---|
| Number of observations | 574882 |
| Missing cells | 0 |
| Missing cells (%) | 0.0% |
| Duplicate rows | 0 |
| Duplicate rows (%) | 0.0% |
| Total size in memory | 90.7 MiB |
| Average record size in memory | 165.4 B |
Variable types
| NUM | 9 |
|---|---|
| CAT | 5 |
| BOOL | 2 |
Reproduction
| Analysis started | 2023-02-04 09:13:31.793784 |
|---|---|
| Analysis finished | 2023-02-04 09:14:33.370084 |
| Duration | 1 minute and 1.58 second |
| Version | pandas-profiling v2.8.0 |
| Command line | pandas_profiling --config_file config.yaml [YOUR_FILE.csv] |
| Download configuration | config.yaml |
evil has constant value "0" | Constant |
stackAddresses has a high cardinality: 87166 distinct values | High cardinality |
args has a high cardinality: 184128 distinct values | High cardinality |
threadId is highly correlated with processId | High correlation |
processId is highly correlated with threadId | High correlation |
returnValue is highly skewed (γ1 = 24.59200612) | Skewed |
parentProcessId has 16318 (2.8%) zeros | Zeros |
userId has 569884 (99.1%) zeros | Zeros |
returnValue has 398081 (69.2%) zeros | Zeros |
timestamp
Real number (ℝ≥0)
| Distinct count | 574807 |
|---|---|
| Unique (%) | > 99.9% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 1760.699406745824 |
|---|---|
| Minimum | 132.560721 |
| Maximum | 3954.587643 |
| Zeros | 0 |
| Zeros (%) | 0.0% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | 132.560721 |
|---|---|
| 5-th percentile | 140.6630085 |
| Q1 | 831.4504055 |
| median | 1704.79921 |
| Q3 | 2747.376426 |
| 95-th percentile | 3695.358346 |
| Maximum | 3954.587643 |
| Range | 3822.026922 |
| Interquartile range (IQR) | 1915.92602 |
Descriptive statistics
| Standard deviation | 1145.659134 |
|---|---|
| Coefficient of variation (CV) | 0.6506841143 |
| Kurtosis | -1.165530394 |
| Mean | 1760.699407 |
| Median Absolute Deviation (MAD) | 934.4803985 |
| Skewness | 0.2536834814 |
| Sum | 1012194396 |
| Variance | 1312534.851 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 404.239798 | 2 | < 0.1% | |
| 404.261628 | 2 | < 0.1% | |
| 135.679097 | 2 | < 0.1% | |
| 404.064138 | 2 | < 0.1% | |
| 916.539772 | 2 | < 0.1% | |
| 133.87143 | 2 | < 0.1% | |
| 903.402184 | 2 | < 0.1% | |
| 409.511193 | 2 | < 0.1% | |
| 404.046004 | 2 | < 0.1% | |
| 3322.902765 | 2 | < 0.1% | |
| Other values (574797) | 574862 | > 99.9% |
| Value | Count | Frequency (%) | |
| 132.560721 | 1 | < 0.1% | |
| 132.560761 | 1 | < 0.1% | |
| 132.560814 | 1 | < 0.1% | |
| 132.560838 | 1 | < 0.1% | |
| 132.56088 | 1 | < 0.1% |
| Value | Count | Frequency (%) | |
| 3954.587643 | 1 | < 0.1% | |
| 3954.587526 | 1 | < 0.1% | |
| 3954.58748 | 1 | < 0.1% | |
| 3954.587429 | 1 | < 0.1% | |
| 3954.587254 | 1 | < 0.1% |
| Distinct count | 316 |
|---|---|
| Unique (%) | 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 6676.543015784108 |
|---|---|
| Minimum | 1 |
| Maximum | 7676 |
| Zeros | 0 |
| Zeros (%) | 0.0% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | 1 |
|---|---|
| 5-th percentile | 159 |
| Q1 | 7303 |
| median | 7355 |
| Q3 | 7396 |
| 95-th percentile | 7488 |
| Maximum | 7676 |
| Range | 7675 |
| Interquartile range (IQR) | 93 |
Descriptive statistics
| Standard deviation | 2110.103806 |
|---|---|
| Coefficient of variation (CV) | 0.3160473617 |
| Kurtosis | 5.457933053 |
| Mean | 6676.543016 |
| Median Absolute Deviation (MAD) | 46 |
| Skewness | -2.724247019 |
| Sum | 3838224402 |
| Variance | 4452538.07 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 159 | 20517 | 3.6% | |
| 1 | 16318 | 2.8% | |
| 7373 | 7119 | 1.2% | |
| 7371 | 6512 | 1.1% | |
| 7335 | 6132 | 1.1% | |
| 7374 | 6078 | 1.1% | |
| 7336 | 6075 | 1.1% | |
| 7381 | 5946 | 1.0% | |
| 7375 | 5930 | 1.0% | |
| 7370 | 5460 | 0.9% | |
| Other values (306) | 488795 | 85.0% |
| Value | Count | Frequency (%) | |
| 1 | 16318 | 2.8% | |
| 5 | 4 | < 0.1% | |
| 7 | 6 | < 0.1% | |
| 8 | 6 | < 0.1% | |
| 80 | 6 | < 0.1% |
| Value | Count | Frequency (%) | |
| 7676 | 84 | < 0.1% | |
| 7675 | 109 | < 0.1% | |
| 7669 | 1092 | 0.2% | |
| 7664 | 1112 | 0.2% | |
| 7657 | 1092 | 0.2% |
| Distinct count | 361 |
|---|---|
| Unique (%) | 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 6683.846718109107 |
|---|---|
| Minimum | 1 |
| Maximum | 7676 |
| Zeros | 0 |
| Zeros (%) | 0.0% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | 1 |
|---|---|
| 5-th percentile | 159 |
| Q1 | 7303 |
| median | 7355 |
| Q3 | 7396 |
| 95-th percentile | 7488 |
| Maximum | 7676 |
| Range | 7675 |
| Interquartile range (IQR) | 93 |
Descriptive statistics
| Standard deviation | 2096.105639 |
|---|---|
| Coefficient of variation (CV) | 0.3136076764 |
| Kurtosis | 5.564799239 |
| Mean | 6683.846718 |
| Median Absolute Deviation (MAD) | 46 |
| Skewness | -2.742106188 |
| Sum | 3842423169 |
| Variance | 4393658.849 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 159 | 20421 | 3.6% | |
| 1 | 16318 | 2.8% | |
| 7373 | 7119 | 1.2% | |
| 7371 | 6512 | 1.1% | |
| 7335 | 6132 | 1.1% | |
| 7374 | 6078 | 1.1% | |
| 7336 | 6075 | 1.1% | |
| 7381 | 5946 | 1.0% | |
| 7375 | 5933 | 1.0% | |
| 7370 | 5462 | 1.0% | |
| Other values (351) | 488886 | 85.0% |
| Value | Count | Frequency (%) | |
| 1 | 16318 | 2.8% | |
| 5 | 4 | < 0.1% | |
| 7 | 6 | < 0.1% | |
| 8 | 6 | < 0.1% | |
| 80 | 6 | < 0.1% |
| Value | Count | Frequency (%) | |
| 7676 | 84 | < 0.1% | |
| 7675 | 109 | < 0.1% | |
| 7674 | 2 | < 0.1% | |
| 7669 | 1092 | 0.2% | |
| 7664 | 1112 | 0.2% |
| Distinct count | 50 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 1348.6604938056853 |
|---|---|
| Minimum | 0 |
| Maximum | 7455 |
| Zeros | 16318 |
| Zeros (%) | 2.8% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | 0 |
|---|---|
| 5-th percentile | 1 |
| Q1 | 187 |
| median | 1385 |
| Q3 | 1640 |
| 95-th percentile | 4489 |
| Maximum | 7455 |
| Range | 7455 |
| Interquartile range (IQR) | 1453 |
Descriptive statistics
| Standard deviation | 1192.571458 |
|---|---|
| Coefficient of variation (CV) | 0.8842636552 |
| Kurtosis | 4.322130601 |
| Mean | 1348.660494 |
| Median Absolute Deviation (MAD) | 256 |
| Skewness | 1.741538498 |
| Sum | 775320642 |
| Variance | 1422226.682 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 187 | 87871 | 15.3% | |
| 1469 | 62274 | 10.8% | |
| 1336 | 57826 | 10.1% | |
| 1 | 55294 | 9.6% | |
| 1649 | 49290 | 8.6% | |
| 1317 | 46978 | 8.2% | |
| 4489 | 45684 | 7.9% | |
| 1640 | 42848 | 7.5% | |
| 1385 | 21920 | 3.8% | |
| 1648 | 18704 | 3.3% | |
| Other values (40) | 86193 | 15.0% |
| Value | Count | Frequency (%) | |
| 0 | 16318 | 2.8% | |
| 1 | 55294 | 9.6% | |
| 2 | 837 | 0.1% | |
| 187 | 87871 | 15.3% | |
| 188 | 3576 | 0.6% |
| Value | Count | Frequency (%) | |
| 7455 | 2184 | 0.4% | |
| 7437 | 18 | < 0.1% | |
| 7431 | 50 | < 0.1% | |
| 7389 | 18 | < 0.1% | |
| 7383 | 50 | < 0.1% |
| Distinct count | 5 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 0.876898215633817 |
|---|---|
| Minimum | 0 |
| Maximum | 103 |
| Zeros | 569884 |
| Zeros (%) | 99.1% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | 0 |
|---|---|
| 5-th percentile | 0 |
| Q1 | 0 |
| median | 0 |
| Q3 | 0 |
| 95-th percentile | 0 |
| Maximum | 103 |
| Range | 103 |
| Interquartile range (IQR) | 0 |
Descriptive statistics
| Standard deviation | 9.36378214 |
|---|---|
| Coefficient of variation (CV) | 10.67829991 |
| Kurtosis | 110.046136 |
| Mean | 0.8768982156 |
| Median Absolute Deviation (MAD) | 0 |
| Skewness | 10.58499925 |
| Sum | 504113 |
| Variance | 87.68041596 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 0 | 569884 | 99.1% | |
| 101 | 3398 | 0.6% | |
| 100 | 1148 | 0.2% | |
| 102 | 441 | 0.1% | |
| 103 | 11 | < 0.1% |
| Value | Count | Frequency (%) | |
| 0 | 569884 | 99.1% | |
| 100 | 1148 | 0.2% | |
| 101 | 3398 | 0.6% | |
| 102 | 441 | 0.1% | |
| 103 | 11 | < 0.1% |
| Value | Count | Frequency (%) | |
| 103 | 11 | < 0.1% | |
| 102 | 441 | 0.1% | |
| 101 | 3398 | 0.6% | |
| 100 | 1148 | 0.2% | |
| 0 | 569884 | 99.1% |
mountNamespace
Real number (ℝ≥0)
| Distinct count | 6 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 4026531905.873282 |
|---|---|
| Minimum | 4026531840 |
| Maximum | 4026532288 |
| Zeros | 0 |
| Zeros (%) | 0.0% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | 4026531840 |
|---|---|
| 5-th percentile | 4026531840 |
| Q1 | 4026531840 |
| median | 4026531840 |
| Q3 | 4026531840 |
| 95-th percentile | 4026532217 |
| Maximum | 4026532288 |
| Range | 448 |
| Interquartile range (IQR) | 0 |
Descriptive statistics
| Standard deviation | 143.4487702 |
|---|---|
| Coefficient of variation (CV) | 3.562588689e-08 |
| Kurtosis | 0.9595569234 |
| Mean | 4026531906 |
| Median Absolute Deviation (MAD) | 0 |
| Skewness | 1.719447344 |
| Sum | 2.314780715e+15 |
| Variance | 20577.54968 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 4026531840 | 474738 | 82.6% | |
| 4026532217 | 94555 | 16.4% | |
| 4026532232 | 3398 | 0.6% | |
| 4026532231 | 1148 | 0.2% | |
| 4026532288 | 602 | 0.1% | |
| 4026532229 | 441 | 0.1% |
| Value | Count | Frequency (%) | |
| 4026531840 | 474738 | 82.6% | |
| 4026532217 | 94555 | 16.4% | |
| 4026532229 | 441 | 0.1% | |
| 4026532231 | 1148 | 0.2% | |
| 4026532232 | 3398 | 0.6% |
| Value | Count | Frequency (%) | |
| 4026532288 | 602 | 0.1% | |
| 4026532232 | 3398 | 0.6% | |
| 4026532231 | 1148 | 0.2% | |
| 4026532229 | 441 | 0.1% | |
| 4026532217 | 94555 | 16.4% |
processName
Categorical
| Distinct count | 34 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Memory size | 4.4 MiB |
| ps | |
|---|---|
| systemd-udevd | |
| systemd-journal | 20421 |
| systemd | 16318 |
| systemd-tmpfile | 13014 |
| Other values (29) | 24261 |
| Value | Count | Frequency (%) | |
| ps | 406313 | 70.7% | |
| systemd-udevd | 94555 | 16.4% | |
| systemd-journal | 20421 | 3.6% | |
| systemd | 16318 | 2.8% | |
| systemd-tmpfile | 13014 | 2.3% | |
| amazon-ssm-agen | 4850 | 0.8% | |
| snapd | 4187 | 0.7% | |
| cron | 4080 | 0.7% | |
| systemd-resolve | 3398 | 0.6% | |
| systemd-user-ru | 1276 | 0.2% | |
| Other values (24) | 6470 | 1.1% |
Length
| Max length | 15 |
|---|---|
| Median length | 2 |
| Mean length | 5.068948062 |
| Min length | 2 |
hostName
Categorical
| Distinct count | 8 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Memory size | 4.4 MiB |
| ubuntu | |
|---|---|
| ip-10-100-1-57 | |
| ip-10-100-1-120 | |
| ip-10-100-1-173 | |
| ip-10-100-1-28 | |
| Other values (3) |
| Value | Count | Frequency (%) | |
| ubuntu | 94996 | 16.5% | |
| ip-10-100-1-57 | 91938 | 16.0% | |
| ip-10-100-1-120 | 80082 | 13.9% | |
| ip-10-100-1-173 | 74344 | 12.9% | |
| ip-10-100-1-28 | 74211 | 12.9% | |
| ip-10-100-1-55 | 72154 | 12.6% | |
| ip-10-100-1-34 | 71673 | 12.5% | |
| ip-10-100-1-79 | 15484 | 2.7% |
Length
| Max length | 15 |
|---|---|
| Median length | 14 |
| Mean length | 12.94666732 |
| Min length | 6 |
eventId
Real number (ℝ≥0)
| Distinct count | 30 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 319.60531552562094 |
|---|---|
| Minimum | 3 |
| Maximum | 1010 |
| Zeros | 0 |
| Zeros (%) | 0.0% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | 3 |
|---|---|
| 5-th percentile | 3 |
| Q1 | 3 |
| median | 257 |
| Q3 | 257 |
| 95-th percentile | 1005 |
| Maximum | 1010 |
| Range | 1007 |
| Interquartile range (IQR) | 254 |
Descriptive statistics
| Standard deviation | 399.6046965 |
|---|---|
| Coefficient of variation (CV) | 1.250306791 |
| Kurtosis | -0.7460730517 |
| Mean | 319.6053155 |
| Median Absolute Deviation (MAD) | 254 |
| Skewness | 0.9838438043 |
| Sum | 183735343 |
| Variance | 159683.9135 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 257 | 164484 | 28.6% | |
| 3 | 164257 | 28.6% | |
| 1005 | 130486 | 22.7% | |
| 5 | 43598 | 7.6% | |
| 4 | 39188 | 6.8% | |
| 21 | 7575 | 1.3% | |
| 1003 | 6136 | 1.1% | |
| 217 | 3893 | 0.7% | |
| 6 | 3365 | 0.6% | |
| 62 | 2384 | 0.4% | |
| Other values (20) | 9516 | 1.7% |
| Value | Count | Frequency (%) | |
| 3 | 164257 | 28.6% | |
| 4 | 39188 | 6.8% | |
| 5 | 43598 | 7.6% | |
| 6 | 3365 | 0.6% | |
| 21 | 7575 | 1.3% |
| Value | Count | Frequency (%) | |
| 1010 | 793 | 0.1% | |
| 1006 | 141 | < 0.1% | |
| 1005 | 130486 | 22.7% | |
| 1004 | 404 | 0.1% | |
| 1003 | 6136 | 1.1% |
eventName
Categorical
| Distinct count | 30 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Memory size | 4.4 MiB |
| openat | |
|---|---|
| close | |
| security_file_open | |
| fstat | |
| stat | |
| Other values (25) | 32869 |
| Value | Count | Frequency (%) | |
| openat | 164484 | 28.6% | |
| close | 164257 | 28.6% | |
| security_file_open | 130486 | 22.7% | |
| fstat | 43598 | 7.6% | |
| stat | 39188 | 6.8% | |
| access | 7575 | 1.3% | |
| cap_capable | 6136 | 1.1% | |
| getdents64 | 3893 | 0.7% | |
| lstat | 3365 | 0.6% | |
| kill | 2384 | 0.4% | |
| Other values (20) | 9516 | 1.7% |
Length
| Max length | 21 |
|---|---|
| Median length | 6 |
| Mean length | 8.322031304 |
| Min length | 4 |
| Distinct count | 87166 |
|---|---|
| Unique (%) | 15.2% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Memory size | 4.4 MiB |
| [] | |
|---|---|
| [139692889307527] | 2624 |
| [139692889305126] | 2185 |
| [140214269716871] | 1366 |
| [140225374566791] | 1259 |
| Other values (87161) |
| Value | Count | Frequency (%) | |
| [] | 388340 | 67.6% | |
| [139692889307527] | 2624 | 0.5% | |
| [139692889305126] | 2185 | 0.4% | |
| [140214269716871] | 1366 | 0.2% | |
| [140225374566791] | 1259 | 0.2% | |
| [139743267879303] | 1208 | 0.2% | |
| [140225374564390] | 1175 | 0.2% | |
| [139743267876902] | 1130 | 0.2% | |
| [140214269714470] | 1098 | 0.2% | |
| [140225374561929] | 1041 | 0.2% | |
| Other values (87156) | 173456 | 30.2% |
Length
| Max length | 340 |
|---|---|
| Median length | 2 |
| Mean length | 14.38523732 |
| Min length | 2 |
argsNum
Real number (ℝ≥0)
| Distinct count | 6 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 2.74881453933155 |
|---|---|
| Minimum | 0 |
| Maximum | 5 |
| Zeros | 793 |
| Zeros (%) | 0.1% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | 0 |
|---|---|
| 5-th percentile | 1 |
| Q1 | 1 |
| median | 4 |
| Q3 | 4 |
| 95-th percentile | 4 |
| Maximum | 5 |
| Range | 5 |
| Interquartile range (IQR) | 3 |
Descriptive statistics
| Standard deviation | 1.355567577 |
|---|---|
| Coefficient of variation (CV) | 0.4931462482 |
| Kurtosis | -1.741222967 |
| Mean | 2.748814539 |
| Median Absolute Deviation (MAD) | 0 |
| Skewness | -0.2642315733 |
| Sum | 1580244 |
| Variance | 1.837563456 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 4 | 295742 | 51.4% | |
| 1 | 171513 | 29.8% | |
| 2 | 97733 | 17.0% | |
| 3 | 7604 | 1.3% | |
| 5 | 1497 | 0.3% | |
| 0 | 793 | 0.1% |
| Value | Count | Frequency (%) | |
| 0 | 793 | 0.1% | |
| 1 | 171513 | 29.8% | |
| 2 | 97733 | 17.0% | |
| 3 | 7604 | 1.3% | |
| 4 | 295742 | 51.4% |
| Value | Count | Frequency (%) | |
| 5 | 1497 | 0.3% | |
| 4 | 295742 | 51.4% | |
| 3 | 7604 | 1.3% | |
| 2 | 97733 | 17.0% | |
| 1 | 171513 | 29.8% |
| Distinct count | 321 |
|---|---|
| Unique (%) | 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Infinite | 0 |
| Infinite (%) | 0.0% |
| Mean | 14.80929477701511 |
|---|---|
| Minimum | -115 |
| Maximum | 7676 |
| Zeros | 398081 |
| Zeros (%) | 69.2% |
| Memory size | 4.4 MiB |
Quantile statistics
| Minimum | -115 |
|---|---|
| 5-th percentile | 0 |
| Q1 | 0 |
| median | 0 |
| Q3 | 6 |
| 95-th percentile | 9 |
| Maximum | 7676 |
| Range | 7791 |
| Interquartile range (IQR) | 6 |
Descriptive statistics
| Standard deviation | 278.1810723 |
|---|---|
| Coefficient of variation (CV) | 18.78422143 |
| Kurtosis | 621.8681189 |
| Mean | 14.80929478 |
| Median Absolute Deviation (MAD) | 0 |
| Skewness | 24.59200612 |
| Sum | 8513597 |
| Variance | 77384.70897 |
Histogram with fixed size bins (bins=10)
| Value | Count | Frequency (%) | |
| 0 | 398081 | 69.2% | |
| 9 | 104849 | 18.2% | |
| 6 | 15785 | 2.7% | |
| 3 | 12925 | 2.2% | |
| 15 | 12393 | 2.2% | |
| -2 | 12048 | 2.1% | |
| 32 | 3067 | 0.5% | |
| 4 | 2319 | 0.4% | |
| 12 | 1768 | 0.3% | |
| 5 | 1364 | 0.2% | |
| Other values (311) | 10283 | 1.8% |
| Value | Count | Frequency (%) | |
| -115 | 124 | < 0.1% | |
| -22 | 30 | < 0.1% | |
| -6 | 373 | 0.1% | |
| -3 | 246 | < 0.1% | |
| -2 | 12048 | 2.1% |
| Value | Count | Frequency (%) | |
| 7676 | 1 | < 0.1% | |
| 7674 | 1 | < 0.1% | |
| 7669 | 1 | < 0.1% | |
| 7664 | 1 | < 0.1% | |
| 7657 | 1 | < 0.1% |
| Distinct count | 184128 |
|---|---|
| Unique (%) | 32.0% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Memory size | 4.4 MiB |
| [{'name': 'fd', 'type': 'int', 'value': 9}] | |
|---|---|
| [{'name': 'fd', 'type': 'int', 'value': 6}] | 16026 |
| [{'name': 'fd', 'type': 'int', 'value': 3}] | 12821 |
| [{'name': 'fd', 'type': 'int', 'value': 15}] | 12776 |
| [{'name': 'fd', 'type': 'int', 'value': 32}] | 3089 |
| Other values (184123) |
| Value | Count | Frequency (%) | |
| [{'name': 'fd', 'type': 'int', 'value': 9}] | 104866 | 18.2% | |
| [{'name': 'fd', 'type': 'int', 'value': 6}] | 16026 | 2.8% | |
| [{'name': 'fd', 'type': 'int', 'value': 3}] | 12821 | 2.2% | |
| [{'name': 'fd', 'type': 'int', 'value': 15}] | 12776 | 2.2% | |
| [{'name': 'fd', 'type': 'int', 'value': 32}] | 3089 | 0.5% | |
| [{'name': 'fd', 'type': 'int', 'value': 6}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFDE8C1D530'}] | 2775 | 0.5% | |
| [{'name': 'fd', 'type': 'int', 'value': 15}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFDE8C1D530'}] | 2773 | 0.5% | |
| [{'name': 'fd', 'type': 'int', 'value': 4}] | 2190 | 0.4% | |
| [{'name': 'fd', 'type': 'int', 'value': 12}] | 2012 | 0.3% | |
| [{'name': 'fd', 'type': 'int', 'value': 5}] | 1615 | 0.3% | |
| Other values (184118) | 413939 | 72.0% |
Length
| Max length | 445 |
|---|---|
| Median length | 231 |
| Mean length | 165.4473022 |
| Min length | 2 |
sus
Boolean
| Distinct count | 2 |
|---|---|
| Unique (%) | < 0.1% |
| Missing | 0 |
| Missing (%) | 0.0% |
| Memory size | 4.4 MiB |
| 0 | |
|---|---|
| 1 | 273 |
| Value | Count | Frequency (%) | |
| 0 | 574609 | > 99.9% | |
| 1 | 273 | < 0.1% |
Pearson's r
The Pearson's correlation coefficient (r) is a measure of linear correlation between two variables. It's value lies between -1 and +1, -1 indicating total negative linear correlation, 0 indicating no linear correlation and 1 indicating total positive linear correlation. Furthermore, r is invariant under separate changes in location and scale of the two variables, implying that for a linear function the angle to the x-axis does not affect r.To calculate r for two variables X and Y, one divides the covariance of X and Y by the product of their standard deviations.
Spearman's ρ
The Spearman's rank correlation coefficient (ρ) is a measure of monotonic correlation between two variables, and is therefore better in catching nonlinear monotonic correlations than Pearson's r. It's value lies between -1 and +1, -1 indicating total negative monotonic correlation, 0 indicating no monotonic correlation and 1 indicating total positive monotonic correlation.To calculate ρ for two variables X and Y, one divides the covariance of the rank variables of X and Y by the product of their standard deviations.
Kendall's τ
Similarly to Spearman's rank correlation coefficient, the Kendall rank correlation coefficient (τ) measures ordinal association between two variables. It's value lies between -1 and +1, -1 indicating total negative correlation, 0 indicating no correlation and 1 indicating total positive correlation.To calculate τ for two variables X and Y, one determines the number of concordant and discordant pairs of observations. τ is given by the number of concordant pairs minus the discordant pairs divided by the total number of pairs.
Phik (φk)
Phik (φk) is a new and practical correlation coefficient that works consistently between categorical, ordinal and interval variables, captures non-linear dependency and reverts to the Pearson correlation coefficient in case of a bivariate normal input distribution. There is extensive documentation available here.Cramér's V (φc)
Cramér's V is an association measure for nominal random variables. The coefficient ranges from 0 to 1, with 0 indicating independence and 1 indicating perfect association. The empirical estimators used for Cramér's V have been proved to be biased, even for large samples. We use a bias-corrected measure that has been proposed by Bergsma in 2013 that can be found here.First rows
| timestamp | processId | threadId | parentProcessId | userId | mountNamespace | processName | hostName | eventId | eventName | stackAddresses | argsNum | returnValue | args | sus | evil | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 1809.495787 | 381 | 7337 | 1 | 100 | 4026532231 | close | ip-10-100-1-120 | 157 | prctl | [140662171848350, 11649800180280676] | 5 | 0 | [{'name': 'option', 'type': 'int', 'value': 'PR_SET_NAME'}, {'name': 'arg2', 'type': 'unsigned long', 'value': 94819493392601}, {'name': 'arg3', 'type': 'unsigned long', 'value': 94819493392601}, {'name': 'arg4', 'type': 'unsigned long', 'value': 140662171848350}, {'name': 'arg5', 'type': 'unsigned long', 'value': 140662156379904}] | 1 | 0 |
| 1 | 1809.495832 | 381 | 7337 | 1 | 100 | 4026532231 | close | ip-10-100-1-120 | 3 | close | [140662171777451] | 1 | 0 | [{'name': 'fd', 'type': 'int', 'value': 19}] | 1 | 0 |
| 2 | 1809.495921 | 381 | 7337 | 1 | 100 | 4026532231 | close | ip-10-100-1-120 | 1010 | sched_process_exit | [] | 0 | 0 | [] | 1 | 0 |
| 3 | 1894.139651 | 7347 | 7347 | 7341 | 0 | 4026531840 | sh | ip-10-100-1-120 | 21 | access | [] | 2 | -2 | [{'name': 'pathname', 'type': 'const char*', 'value': '/etc/ld.so.preload'}, {'name': 'mode', 'type': 'int*', 'value': 'R_OK'}] | 1 | 0 |
| 4 | 1894.142127 | 7347 | 7347 | 7341 | 0 | 4026531840 | sh | ip-10-100-1-120 | 1005 | security_file_open | [139778263990104, 139778263906698] | 4 | 0 | [{'name': 'pathname', 'type': 'const char*', 'value': '/etc/ld.so.cache'}, {'name': 'flags', 'type': 'int', 'value': 'O_RDONLY|O_LARGEFILE'}, {'name': 'dev', 'type': 'dev_t', 'value': 211812353}, {'name': 'inode', 'type': 'unsigned long', 'value': 62841}] | 1 | 0 |
| 5 | 1894.142589 | 7347 | 7347 | 7341 | 0 | 4026531840 | sh | ip-10-100-1-120 | 257 | openat | [139778263990104, 139778263906698] | 4 | 3 | [{'name': 'dirfd', 'type': 'int', 'value': -100}, {'name': 'pathname', 'type': 'const char*', 'value': '/etc/ld.so.cache'}, {'name': 'flags', 'type': 'int', 'value': 'O_RDONLY|O_CLOEXEC'}, {'name': 'mode', 'type': 'int*', 'value': 2848309080}] | 1 | 0 |
| 6 | 1894.142753 | 7347 | 7347 | 7341 | 0 | 4026531840 | sh | ip-10-100-1-120 | 5 | fstat | [] | 2 | 0 | [{'name': 'fd', 'type': 'int', 'value': 3}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFCAA471A40'}] | 1 | 0 |
| 7 | 1894.143329 | 7347 | 7347 | 7341 | 0 | 4026531840 | sh | ip-10-100-1-120 | 3 | close | [] | 1 | 0 | [{'name': 'fd', 'type': 'int', 'value': 3}] | 1 | 0 |
| 8 | 1894.143403 | 7347 | 7347 | 7341 | 0 | 4026531840 | sh | ip-10-100-1-120 | 1005 | security_file_open | [139778263990104, 139778263906765] | 4 | 0 | [{'name': 'pathname', 'type': 'const char*', 'value': '/usr/lib/x86_64-linux-gnu/libc-2.31.so'}, {'name': 'flags', 'type': 'int', 'value': 'O_RDONLY|O_LARGEFILE'}, {'name': 'dev', 'type': 'dev_t', 'value': 211812353}, {'name': 'inode', 'type': 'unsigned long', 'value': 3429}] | 1 | 0 |
| 9 | 1894.143855 | 7347 | 7347 | 7341 | 0 | 4026531840 | sh | ip-10-100-1-120 | 257 | openat | [139778263990104, 139778263906765] | 4 | 3 | [{'name': 'dirfd', 'type': 'int', 'value': -100}, {'name': 'pathname', 'type': 'const char*', 'value': '/lib/x86_64-linux-gnu/libc.so.6'}, {'name': 'flags', 'type': 'int', 'value': 'O_RDONLY|O_CLOEXEC'}, {'name': 'mode', 'type': 'int*', 'value': 2848309080}] | 1 | 0 |
Last rows
| timestamp | processId | threadId | parentProcessId | userId | mountNamespace | processName | hostName | eventId | eventName | stackAddresses | argsNum | returnValue | args | sus | evil | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 574872 | 1865.075520 | 7469 | 7469 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 257 | openat | [139692889305126] | 4 | 15 | [{'name': 'dirfd', 'type': 'int', 'value': 6}, {'name': 'pathname', 'type': 'const char*', 'value': '..'}, {'name': 'flags', 'type': 'unsigned int', 'value': 'O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH'}, {'name': 'mode', 'type': 'mode_t', 'value': 3372970022}] | 0 | 0 |
| 574873 | 1865.075699 | 7468 | 7468 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 5 | fstat | [] | 2 | 0 | [{'name': 'fd', 'type': 'int', 'value': 15}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFDE8C1D530'}] | 0 | 0 |
| 574874 | 1865.075878 | 7467 | 7467 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 257 | openat | [] | 4 | 15 | [{'name': 'dirfd', 'type': 'int', 'value': 6}, {'name': 'pathname', 'type': 'const char*', 'value': 'id'}, {'name': 'flags', 'type': 'unsigned int', 'value': 'O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH'}, {'name': 'mode', 'type': 'mode_t', 'value': 3372970022}] | 0 | 0 |
| 574875 | 1865.075922 | 7464 | 7464 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 5 | fstat | [] | 2 | 0 | [{'name': 'fd', 'type': 'int', 'value': 15}, {'name': 'statbuf', 'type': 'struct stat*', 'value': '0x7FFDE8C1D530'}] | 0 | 0 |
| 574876 | 1865.076038 | 7471 | 7471 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 3 | close | [] | 1 | 0 | [{'name': 'fd', 'type': 'int', 'value': 6}] | 0 | 0 |
| 574877 | 1865.076217 | 7470 | 7470 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 257 | openat | [] | 4 | 6 | [{'name': 'dirfd', 'type': 'int', 'value': 15}, {'name': 'pathname', 'type': 'const char*', 'value': '..'}, {'name': 'flags', 'type': 'unsigned int', 'value': 'O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH'}, {'name': 'mode', 'type': 'mode_t', 'value': 3372970022}] | 0 | 0 |
| 574878 | 1865.076413 | 7473 | 7473 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 257 | openat | [] | 4 | 15 | [{'name': 'dirfd', 'type': 'int', 'value': 6}, {'name': 'pathname', 'type': 'const char*', 'value': 'id'}, {'name': 'flags', 'type': 'unsigned int', 'value': 'O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH'}, {'name': 'mode', 'type': 'mode_t', 'value': 3372970022}] | 0 | 0 |
| 574879 | 1865.076550 | 7468 | 7468 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 3 | close | [] | 1 | 0 | [{'name': 'fd', 'type': 'int', 'value': 6}] | 0 | 0 |
| 574880 | 1865.076605 | 7469 | 7469 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 3 | close | [] | 1 | 0 | [{'name': 'fd', 'type': 'int', 'value': 6}] | 0 | 0 |
| 574881 | 1865.076734 | 7464 | 7464 | 187 | 0 | 4026532217 | systemd-udevd | ubuntu | 3 | close | [] | 1 | 0 | [{'name': 'fd', 'type': 'int', 'value': 6}] | 0 | 0 |